Page 21 - Information_Security_Program

Director of Information     DP250.22   Prohibit the use of modems except where no other means meets the business need.
Technology, Privacy
and Data Security with
IT Staff

IT Staff                    DP250.23   Use Network Address Translation or Port Address Translation to hide the network.

IT Staff                    DP250.24   Operate network‐based intrusion‐detection devices that generate alerts for incidents
                                       and for values that exceed normal thresholds, and that are continuously monitored
                                       by trained personnel.

Director of Information     DP250.25   Devices used for remote access must use a personal firewall, meet organization
Technology, Privacy                    malware standards, and not be connected to another network while connected to
and Data Security to                   the organization network.
establish minimum
standards and IT Staff
to ensure standards
are being met.

IT Staff                    DP250.26   The identity of the user or service attempting to establish a remote‐access
                                       connection must be confirmed with a password meeting organization standards and
                                       with a one‐time password authentication such as a token device or a public‐private
                                       key system with a strong password.

Director of Information     DP250.27   The remote‐access connection must use an organization‐approved mechanism for
Technology, Privacy                    establishing a remote‐access connection that encrypts the transmission in a manner
and Data Security to                   meeting organization standards, and must connect at an authorized entry point, not
approve and IT Staff to                including modems on desktops, laptops, or servers.
do.

IT Staff                    DP250.28   At a minimum, wireless traffic will be encrypted using 128‐bit encryption via Wi‐Fi
                                       Protected Access (WPA or WPA2) technology, IPSEC VPN, or changing
                                       encryption keys every 60 minutes.

IT Staff                    DP250.29   The organization will secure wireless access points (WAPs).

IT Staff                    DP250.30   The organization will define, communicate and enforce wireless device hardware
                                       standards.

IT Staff                    DP250.31   The organization will use an alert service for external system vulnerabilities,
                                       prioritize the recommended fixes, test fixes prior to installation, and propagate
                                       priority fixes within 30 days.

IT Staff                    DP250.32   The organization will continuously enable malware‐protection mechanisms on
                                       systems commonly affected by viruses and install patches in a timely manner.





























        GES CONFIDENTIAL